Why an Air-Gapped Computer (AGC) for Bitcoining?

Published in Bitcoin Magazine

I get many questions about this so I’ve decided to write about why an air-gapped computer (AGC) for Bitcoin security might be desirable for some people.

Reason 1

The primary reason for an AGC is to check the functioning of your hardware wallet (HWW). To begin with, when your HWW generates a seed (from which an extended private key is mathematically derived), how do you know that the seed is truly random? You are trusting it. If you use some method to make sure it’s random, like adding a passphrase or using, for example, ColdCard’s dice-roll function to add your own entropy (randomness), you are ensuring the seed is genuine, but you are not necessarily checking that the addresses that seed creates truly come from the seed.

Theoretically, any address can be implanted in a nefarious device – even if you have a good seed (12 or 24-words that regenerates your addresses and ability to spend). You’d need some way to put the seed into OTHER SOFTWARE, like Electrum Desktop Wallet, or Ian Coleman’s Code Converter (BIP39 online tool/calculator), and check the addresses created by these alternative software (using the seed), then compare it with the addresses from the HWW.

This will confirm the HWW’s software is behaving correctly (well, actually, it confirms it is behaving as other software behaves, so it’s less likely to be rogue).

If you understood what I just said, it should sound easy enough to do, but doing involves typing the seed(s) into a computer – and that is dangerous! The whole point of having a HWW in the first place is so your computer never has access to your seed, and you don’t have to worry about malware stealing it.

You might wonder, “Isn’t the software open source, and therefore I’m not trusting it?” Well, I have two things to say about that…

  1. “Open source” is not enough to be secure, because we are not directly downloading the readable version of open-source software, we’re downloading a derivative – the executable file, which is created from the readable code and can only be interpreted by a machine. To actually eliminate trust, you must ensure that you are the one that put the software inside the device, AND, you compiled that software yourself from the open-source code. Most people don’t do that because it’s too hard. Many would download the compiled version, and even if they check the developer’s signature of an executable file (to eliminate the risk of tampering), they are still trusting the developer actually used the available open-source code to create the executable file that was downloaded. We are still “assuming” the developer won’t be stealing from us, so this won’t do actually, not for large amounts of bitcoin.
  2. What is to say that a potentially nefarious device has OTHER SOFTWARE embedded in it, in addition to the open-source software you installed? What if that software is interfering and tricking you? It’s highly paranoid, I know, but for security, you have to start with the assumption that clever people are out to steal your bitcoin.

SOLUTIONS:

  1. Air-gapped computer. This is a computer with no WiFi or BlueTooth devices (including mouse and keyboard). Simply using a regular computer and switching off the WiFi is not sufficient, because the WiFi components are radio devices and they can be accessed by software (malware) on your computer even if you think the WiFi is off. Also, malware might wait on your system for you to accidentally connect to the internet and then transmit private data out. It’s preferable that your AGC is new, and ideal that you build it yourself. With this device, you can confidently create Bitcoin seeds (see this guide), or type in the seed words into a software wallet (to check the addresses that come from the seed) without a realistic risk that the seed can be extracted. Yes, the NSA might park a van outside your house and tap into your power cables and work out your keystrokes, but come on, we can be paranoid and realistic at the same time! A way to mitigate this type of “laboratory-condition risk”, if you are so inclined, is to: A) use a multisignature wallet, and B) use a different air-gapped computer for each seed, and C) create the seeds at different places on different days on each computer.
  2. Use another HWW to verify. This HWW must be a different brand from the one you are checking. With this device, you can “restore” the seed that the first HWW generated, and you can compare the addresses that were created; make sure they are identical.

What are we trusting?

With the proposed solution of using different products to compare resulting addresses (and xPubs and xPRVs) from the seed, we are “trusting” that the owners of different products (software) are not colluding to trick us. To go so far as to eliminate that as well, we can learn to code, then read the code of the comparing software ourselves, which makes sure we are using code that we KNOW is honest to check the addresses – that’s a long term project, and yes, I’ve embarked upon it, out of interest.

We’re also trusting that the generic computer equipment we buy is not somehow tampered with. It’s a reasonable assumption because these devices are not only sold to Bitcoiners making private keys but to regular people as well 😂, so there is little return in tampering with a generic device.

Reason 2

Another reason for an AGC is to create your own seeds from true randomness that you generate yourself (eg a coin toss or dice). I’ve explained how to do this in a guide, and you can practice first with a regular computer, as long as you discard the seed you create. Once you acquire an AGC, you can use your skills to produce a real seed that you can use. You can use the AGC computer to create seeds for friends and family as well.

Ideally, you should put the newly created seeds into a hardware wallet – the device electronically stores the seed and locks access to it with a PIN. Then, you’d delete the private information off the AGC, as physical access to the computer, eg burglary, will leave your data vulnerable to clever hackers. Creating seeds on different AGCs and making a multisignature wallet is an extreme way to defend against this risk. But there are much better reasons to use multisignature wallets – don’t worry about getting there right away, it’s something you can gradually work towards as you build your skills.

Reason 3

Inheritance is a tricky subject. Everyone will have a different strategy, and everyone (and their heirs) will tolerate different levels of complexity. Some people will need help, so I have created a service to assist, but you can learn the skills and do it yourself.

Part of the inheritance plan may be to leave encrypted messages to heirs. The messages are encrypted because they are SENSITIVE. Anyone gaining access to the message may be able to steal the inheritance. Therefore, typing such a letter on any old computer is potentially hazardous.

An AGC comes in handy here. You can write the message and you can use gpg to encrypt the data with a password, then copy it to one or more storage mediums – with explicit instructions not to read the file unless it is on an air-gapped computer.

Types of AGCs

Air-Gapped Pi Zero V1.3 (no WiFi)

I’ve previously described how to build a Raspberry Pi Zero v1.3 (It’s not as straightforward to install software on this device as you might think – because it has no internet connection).

This device is slow, but it’s very cheap (almost discardable), and you can have several, which is particularly useful in a multisignature setup where each device can hold one of the seeds (redundantly – ie you should have written backups of your seeds) and they can all be stored in geographically separate locations to distribute the spending conditions.

You still need to attach a keyboard, mouse and monitor to the devices, and take your peripherals with you to each signing device, wherever you may have stored them. To make a Bitcoin transaction, create an unsigned transaction on your clean internet computer, save your transaction and make it portable (a file, or QR code), and take it to your first AGC. You would then import the transaction to that computer, sign it with the first seed, save it and make it portable again (this time it has 1 signature), and take it to the second AGC etc. In this way, you are never at risk in one location with the ability to spend all your bitcoin, making your security much greater.

Air-Gapped Laptop

A laptop can be used as an AGC too, but you need some technical confidence to open up the device and remove the WiFi components (and BlueTooth) which always come with laptops these days. It’s also the most expensive option – but they’re more convenient than Pi Zero’s, as you don’t have to fumble around with cables connecting the mouse, keyboard, and monitor. Having multiple Air-Gapped Laptops in multiple locations, each with one seed in a multisignature setup is going to be expensive. It’s probably better to just have one AGC and put seeds generated with it into various hardware wallets and distribute the HWWs. Some people don’t want to create all the seeds on one AG device, which may be a bit too paranoid, even for me.

Air-Gapped Desktop Computer

A desktop computer is not so practical for multisig seed distribution, but it’s great as a seed GENERATING computer, particularly if you want to be the Uncle Jim of Bitcoin seeds for your friends and family. These computers are MUCH faster than the Pi Zeros. A one-hour session with a visitor to make a seed can be cut down to 10 minutes.

You may wish to buy all the parts yourself and build the computer at home, but I think it’s safe enough to get the computer store to build it for you with the parts you want – just don’t tell them the purpose of the computer (This is to eliminate the risk of tampering. A desktop computer’s components are easy to inspect, so you can see what’s been installed).

Make sure they use parts with no WiFi capabilities whatsoever; having Ethernet network ports are OK, just don’t use them.

Used Desktop or Laptop

I don’t recommend this but it’s up to you to assess the trade-off of cost vs security.

An old desktop or laptop computer can technically be made air-gapped by removing the WiFi components, but I’d prefer you use a computer that has never previously connected to the internet, just for peace of mind.

The Operating System

The computer might come with OEM software with Windows or Linux. Don’t buy Macs for this purpose, they’re not friendly to tinkerers.

Whatever operating system you choose to have, it’s best to install it yourself. My preference is Linux Mint, as it is very quick, not bloated, and easy to install (a guide to install Linux Mint is coming soon).

You can even run the Linux operating system from a USB thumb drive, instead of the computer’s internal hard drive.

Conclusion:

Air-gapped computers are a very handy tool. You can create your own Bitcoin seed(s), check the honesty of a hardware wallet you bought, or write sensitive documents such as instructions to heirs on how to access your bitcoin.

%d bloggers like this: